District says cyber attack prompted ‘code red’ lockdown of Cobb schools

10/5/2020 - Atlanta, Georgia - Clarkdale Elementary School students sit in pairs, one at each end of the table, as they wait for their school bus to arrive after school in Austell, Monday, October 5, 2020. Cobb County schools, the stateÕs second largest district with about 112,000 students, will begin the first phase of its reopening plan on Monday, Oct. 5. The district will reopen classes to students in pre-kindergarten through fifth grade and kindergarten through 12th grade special education students. (Alyssa Pointer / Alyssa.Pointer@ajc.com)
Caption
10/5/2020 - Atlanta, Georgia - Clarkdale Elementary School students sit in pairs, one at each end of the table, as they wait for their school bus to arrive after school in Austell, Monday, October 5, 2020. Cobb County schools, the stateÕs second largest district with about 112,000 students, will begin the first phase of its reopening plan on Monday, Oct. 5. The district will reopen classes to students in pre-kindergarten through fifth grade and kindergarten through 12th grade special education students. (Alyssa Pointer / Alyssa.Pointer@ajc.com)

Credit: Alyssa Pointer / Alyssa.Pointer@ajc.com

The Cobb County School District is investigating a malfunction of its emergency alert system, saying it was a “targeted, external attack” that placed all 112 of its schools on lockdown.

District officials earlier said an AlertPoint system “malfunction” on Feb. 2 caused employees to receive a message indicating an active alarm. The district said Wednesday that while the alarm was false, staff members had placed all schools and campuses into a code red lockdown, which “led to a high degree of anxiety for some students and staff.”

Following the incident, Cobb schools said it began investigating and found the alarm was intentionally set off and was “uniquely limited to the AlertPoint system.” The district requested the help of the Cobb County Police Department’s Technology Based Crimes Unit, which began its investigation of the alarm as a possible cyber attack.

A press release Wednesday from Cobb schools stated, “While we cannot currently provide further detail as the investigation continues into the ‘who’ and ‘why’ of the attack, we have been given permission to share the Technology Based Crimes Unit’s conclusion that the false alarm signal occurred through a targeted, external attack of CCSD’s AlertPoint system.”

Cobb police didn’t respond to questions from The Atlanta Journal-Constitution about the status of its investigation.

Cobb County schools has about 107,000 students enrolled, making it Georgia’s second largest district. The school is still offering both in-person and remote classes to its students.

“We do not yet know the motives of those attacking the District’s AlertPoint system,” the school district said. “However, it appears the crime was committed to disrupt education across the district, create district-wide chaos, and produce anxiety in the district’s students, parents, and staff. This was not a ‘prank,’ nor will it be treated like one.”

The false alarm led to several parents emailing Superintendent Chris Ragsdale and Board of Education members asking for details about the alarm system provided by Kennesaw-based AlertPoint. The district has so far provided no answers at its board meetings.

Another technological malfunction came weeks after the districtwide code red lockdown but has not been connected to the cyberattack. On Monday, an issue with a power source caused a number of UV sanitizing lights recently installed at Argyle Elementary School to flicker on and off, said district spokeswoman Nan Kiel. The lights, which are installed in ceilings, are designed to activate during the overnight hours to kill harmful microbes on surfaces.

The lights were part of a trial of a new technology designed to sanitize classrooms. Kiel said as many as two lights were activated during the school day in an area where no children were present. The district has halted use of the lights while it investigates the cause of the malfunction. The district has not answered questions from parents on whether the lights pose a health risk to people who may be accidentally exposed.

Parent Heather Tolley-Bauer, a member of Watching the Funds-Cobb, a grassroots organization, who raised concerns about the Feb. 2 false alarm with board members and Superintendent Chris Ragsdale, said she’s glad to see the district has identified the cause behind the lockdown. However, she said once the district gets the answers from the investigation, it will make sure “the system works properly and that teachers are trained on how to use it.”

Cobb school board members said the cyber attack on AlertPoint and the malfunctioning of the UV lights have raised more questions about the vulnerability of technology used by the district.

Board member Charisse Davis said both examples lead to questions about what security mechanisms does the district have in place to thwart technological attacks. Leroy “Tre” Hutchins, the newest school board member, said he wants to see the district re-evaluate the use of AlertPoint in its schools.

“If the safety mechanisms can be manipulated as we just witnessed, then the question is how safe are we?” he asked. “How safe is the system and is it the right system if it can be easily targeted?”

Board member Brad Wheeler said the incident should propel the district to explore “what can be put in place to prevent it from happening again.”

Anyone with information is asked to call the Cobb County Police Department’s tip line (770) 499-4111 or the Cobb school district police department’s tip line at (470) 689-0298.